MFW a so-called cyber security researcher learns about IPMI
Comment on The Risk of RISC-V: What's Going on at SiFive?
IHeartBadCode@kbin.social 11 months agoDell iDRAC comes to mind as well.
Socsa@sh.itjust.works 11 months ago
Comment on The Risk of RISC-V: What's Going on at SiFive?
IHeartBadCode@kbin.social 11 months agoDell iDRAC comes to mind as well.
MFW a so-called cyber security researcher learns about IPMI
fuckwit_mcbumcrumble@lemmy.world 11 months ago
iDRAC is specifically designed for remote management of serves. Calling it a back door is silly when it’s more of a front door. It’s how Dell intends for you to manage the server.
t0m5k1@lemmy.world 11 months ago
That’s the same train of thaught I had when telnet was declared a back door in huawei devices.
theregister.com/…/huawei_enterprise_router_backdo…
During the hey day I passed hcna-rs, the first thing we were taught was to just use telnet as a means to enable shh, then log back in and disable telnet.
Moral of the story, do not under estimate a nation state’s use of global tech media to effect a global drop of a product or manufacturer from the market.
IHeartBadCode@kbin.social 11 months ago
LUL. So you’re right but one of the horror stories I tell around campfires is how many folks don’t know about that front door.
So how about we agree to “surprise feature” for iDRAC? And, yes yes, I can feel the “they shouldn’t be admins” coming.
ggppjj@lemmy.world 11 months ago
It has to be enabled, right? So if someone enabling iDRAC doesn’t know that it exists…
IHeartBadCode@kbin.social 11 months ago
The person enabling it isn’t always still at the company.